
With confidential client records, M&A documents, and court filings on the line, law firms have become prime targets for ransomware groups and state-backed attackers alike.
This month’s headlines say it all: the International Criminal Court breached again, 1 in 5 U.S. firms hit by cyberattacks, and sophisticated social engineering tactics bypassing once-reliable defenses.
Cyberattack on the International Criminal Court: A Wake-Up Call for Law Firms
In a chilling reminder of the growing cyber threats targeting legal institutions, the International Criminal Court (ICC) has confirmed it was hit by another sophisticated cyberattack.
The breach, detected and contained swiftly thanks to the ICC’s cybersecurity alert systems, underscores the reality that even the world’s top legal bodies aren’t immune to digital threats.
The ICC, headquartered in The Hague, reported that the attack was highly targeted and complex. While details remain undisclosed, officials have initiated a court-wide impact assessment and are actively working to mitigate any lasting effects.
This is not the ICC’s first experience with a major cyber incident.
In 2023, the court suffered a severe breach that forced it to disconnect from the internet entirely for several weeks. That attack was believed to be aimed at undermining the court’s operations and potentially accessing sensitive legal proceedings and evidence.
This latest intrusion coincides with a particularly sensitive time.
The court is currently handling several politically charged cases, including arrest warrants for Russian President Vladimir Putin, Israeli Prime Minister Benjamin Netanyahu, and Hamas leader Ibrahim ‘Deif’ Al-Masri.
The attack also occurred just as world leaders, including NATO delegates, convened in The Hague, a fact that raises questions about potential motives and geopolitical implications.
For law firms, the implications are clear: if a global institution like the ICC can be breached, your firm is also at risk, especially if you’re managing politically sensitive or high-value cases.
Takeaways for Law Firms and Legal Teams
- Assume you’re a target. Legal institutions are increasingly in the crosshairs of cybercriminals and state-sponsored actors.
- Strengthen detection and response. Early detection helped the ICC contain the damage. Your firm needs 24/7 monitoring and incident response protocols.
- Protect politically sensitive data. High-profile cases draw attention. Encrypt sensitive files and restrict access.
- Educate your attorneys and staff. Many breaches start with phishing or credential theft. Ongoing security awareness training is essential.
- Review your cybersecurity posture regularly. Don’t wait for a breach to discover vulnerabilities in your systems.
1 in 5 U.S. Law Firms Hit by Cyberattacks
A new study has revealed a sobering statistic for the legal industry: 20% of U.S. law firms experienced cyberattacks in 2024, and almost one in ten of them said their sensitive data had been breached.
These findings, released by Geneva-based cybersecurity firm Proton, highlight a critical weakness in the legal sector’s ability to prepare for, respond to, and recover from cybersecurity incidents.
The report, based on a survey of 500 firms, didn’t limit its scope to a particular firm size, meaning everyone from boutique practices to Am Law 100 firms is at risk.
Recent high-profile breaches involving Kirkland & Ellis, Taft, and Allen & Overy are proof that no firm is too large or too well-known to be spared.
Several factors are contributing to the legal sector’s vulnerability:
- Lack of breach response knowledge: 65% of firms surveyed said they were unsure of their legal or regulatory obligations following a cyber incident.
- Poor incident preparedness: 42% admitted they didn’t know whether they could recover effectively from a breach.
- Rapid cloud adoption and hybrid work: These shifts have expanded attack surfaces, but security policies haven’t always kept up.
Even firms that have adopted tools like multi-factor authentication (MFA) are not in the clear.
According to cybersecurity experts, attackers now bypass MFA through clever social engineering and technical exploitation, often by targeting the human element through phishing or impersonating IT staff.
The FBI recently issued warnings about criminal groups like Luna Moth, which specifically target law firms. These actors pose as IT personnel to trick employees and exfiltrate case files, M&A documents, and litigation strategies. Then, they follow up with ransom demands and threats of public exposure.
Staff are sometimes contacted directly, intensifying pressure on firms to pay or risk reputational ruin.
Here’s what legal teams and firm leaders need to do now:
- Enforce strong access controls with role-based privileges.
- Use real-time device monitoring to catch intrusions early.
- Encrypt everything, especially when handling client data or case documents.
- Run breach readiness drills the same way you’d test contract workflows or compliance checks.
- Assume breach is inevitable and plan to prevent and contain damage.
Network Security in 2025: What Law Firms Need to Know About the Next Wave of Threats
As law firms grow more dependent on digital platforms, cloud-based tools, and remote work environments, the traditional “network perimeter” model of cybersecurity is rapidly becoming obsolete.
In its place, a far more complex and far more dangerous scenario is emerging, where sensitive client data can be targeted from almost anywhere: a compromised app, a rogue employee device, or even a satellite in space.
To stay protected, legal organizations must understand where network security is headed and prepare accordingly.
Here’s what your firm needs to know in 2025 and beyond:
1. Integrated Security Is No Longer Optional
The modern law office might include on-site servers, cloud platforms, mobile devices, and third-party legal tech tools, all of which create entry points for attackers. Managing these endpoints with disconnected tools is a recipe for missed threats.
Firms need centralized, integrated security platforms that allow security teams to monitor all endpoints, enforce consistent policies, and detect unusual behavior in real time.
2. Cloud Security Becomes Mission-Critical
As law firms increasingly migrate to the cloud for case management, billing, document storage, and remote collaboration, attackers are following close behind.
Modern cloud security frameworks like Secure Access Service Edge (SASE) provide a more flexible way to secure users and data, no matter where they are. SASE routes all traffic through secure, geographically distributed gateways.
3. Zero Trust: The New Default for Legal IT
Instead of assuming trust based on location (e.g., inside the office), the zero trust model continuously verifies every user and device before granting access to sensitive files or systems.
For law firms handling client PII, M&A details, or intellectual property, Zero Trust Network Access (ZTNA) adds an essential layer of protection. If a device or login is compromised, access remains limited and monitored, reducing potential damage.
4. Smarter AI Means Faster Threat Response
AI-driven solutions can detect unusual behavior, like a paralegal logging in at 3 a.m. from another country, and automatically flag or block activity before a breach occurs.
Artificial intelligence can also handle time-consuming tasks like vulnerability scanning, incident triage, and even phishing detection. This gives your IT team room to focus on real threats, not repetitive alerts.
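The paralegal-at-3-a.m. case above, reduced to a rule-based per-user baseline check. This is an added example, not code from Infoguard or any product, and a real AI-driven tool would learn far richer features than these two. The login events, user names, and the HOUR_SLACK tolerance are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (user, timestamp in firm-local time, country code)
HISTORY = [
    ("paralegal1", "2025-06-02T08:55:00", "US"),
    ("paralegal1", "2025-06-03T09:10:00", "US"),
    ("paralegal1", "2025-06-04T17:40:00", "US"),
    ("partner1",   "2025-06-02T07:30:00", "US"),
    ("partner1",   "2025-06-05T22:15:00", "GB"),
]

HOUR_SLACK = 2  # assumed tolerance (hours) around a user's observed login hours


def build_baseline(history):
    """Per-user profile: countries seen and the hours at which logins occurred."""
    profile = defaultdict(lambda: {"countries": set(), "hours": []})
    for user, ts, country in history:
        entry = profile[user]
        entry["countries"].add(country)
        entry["hours"].append(datetime.fromisoformat(ts).hour)
    return profile


def assess_login(profile, user, ts, country):
    """Return (decision, reasons): one anomaly flags the login, two block it."""
    if user not in profile:
        return "flag", ["no baseline for user"]
    entry = profile[user]
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    if country not in entry["countries"]:
        reasons.append(f"new country {country}")
    # Simple window between earliest and latest observed hour (no midnight wrap).
    lo = min(entry["hours"]) - HOUR_SLACK
    hi = max(entry["hours"]) + HOUR_SLACK
    if not lo <= hour <= hi:
        reasons.append(f"off-hours login (hour {hour:02d})")
    return ("allow", "flag", "block")[len(reasons)], reasons


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for event in [("paralegal1", "2025-06-10T09:05:00", "US"),
                  ("paralegal1", "2025-06-11T03:00:00", "RO"),
                  ("partner1",   "2025-06-11T23:00:00", "GB")]:
        print(event, "->", assess_login(baseline, *event))
```

The same 23:00 login from GB that is normal for the partner would be flagged for the paralegal, which is why the baseline is kept per user rather than firm-wide.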
5. Quantum-Resistant Encryption Will Matter Sooner Than You Think
Quantum computing may sound futuristic, but the encryption used to protect your legal data today could become breakable within the next few years.
Forward-thinking firms should begin exploring quantum-safe encryption standards, especially those transmitting data across multiple platforms, from office networks to mobile devices and beyond.
For example, new SD-WAN technologies can segment and encrypt traffic across different networks (e.g., Wi-Fi, 5G, satellite), helping to thwart man-in-the-middle attacks even as data travels.
6. Decentralized Identity Is on the Rise
Decentralized identity systems, built on blockchain or distributed ledgers, eliminate single points of failure by shifting control of digital identity back to the user.
This is especially useful in environments with multiple third-party vendors, remote staff, or high-profile clients needing secure, private access to their files.
AI and Cybersecurity in Law Firms: Promise, Peril, and the Path Forward
Artificial Intelligence is rapidly transforming how law firms operate, from drafting contracts and conducting legal research to automating administrative workflows and enhancing client communications.
Although AI accelerates operations and decision-making, it also introduces complex and evolving cybersecurity risks that organizations must be prepared to defend against.
1. Phishing That Outsmarts Filters
Cybercriminals are now using generative AI to scan public data from LinkedIn, law firm bios, press releases, and deal announcements. Using this information, attackers create phishing emails that replicate your firm’s communication style, document layout, and even the language attorneys use in internal messages.
Even more concerning is the surge in polymorphic phishing, emails that continuously change their appearance and content to slip past spam filters and security tools undetected.
2. Deepfakes and Voice Cloning
AI-generated deepfake videos and cloned voices now pose one of the most insidious threats to law firms. Imagine receiving a video call from what appears to be your managing partner or a major client, only to discover later it was a fabricated likeness convincing enough to trick staff into sharing credentials or allowing money transfers.
This scenario isn’t hypothetical. In one confirmed incident, an employee of a UK firm transferred £20 million after being fooled by a deepfake video call featuring multiple “executives.”
3. AI-Driven Malware and Ransomware: Smarter, Faster, and Stealthier
AI is also transforming ransomware. Today’s malicious software can adapt its behavior in real time, bypassing firewalls and endpoint security tools by changing its signature and tactics.
AI-powered ransomware even hunts down the most valuable data in your network, prioritizing files related to M&A, litigation, or client billing. It then encrypts or exfiltrates this data and uses it as leverage in double-extortion schemes: pay up, or your sensitive data gets leaked.
So What Should Law Firms Do?
Here’s how to reduce your AI-related cyber risks while still taking advantage of AI’s benefits:
- Invest in AI-driven threat detection tools that evolve alongside adversaries. Legacy security tools alone won’t cut it.
- Implement Zero Trust principles, verifying every user, device, and application, especially when dealing with remote teams or clients.
- Educate your entire staff, from junior associates to managing partners, on the risks of AI-generated phishing, deepfakes, and voice spoofing.
- Build contingency plans for AI-enabled ransomware attacks. Include secure, off-site backups, recovery protocols, and incident response teams with tested playbooks.
- Adopt document verification tools and secondary verification workflows for sensitive transactions, authorizations, and approvals.
- Monitor third-party risk. Ensure vendors, especially legal tech providers, follow the same security standards you do.
Whether you’re handling high-profile litigation or client onboarding, your firm’s cybersecurity posture directly impacts your credibility and continuity. As attackers become more precise and persistent, your response must be faster, smarter, and relentless.
Let’s make sure your defenses are ready.
Reply to this email to speak with an Infoguard legal cybersecurity expert today.
Best regards,
The Infoguard Cybersecurity Team